The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that…
On 1 March 2021, Federal Law No. 519-FZ on Amendments to the Federal Law on Personal Data dated 30 December 2020 (the “Law”) came into force. The Law places additional…
On April 14, 2021, the New York State Department of Financial Services (the “DFS”) announced that its cyber enforcement action against National Securities Corporation (“National Securities”) has been resolved by…
March gave companies plenty to take stock of. A multi-million euro fine for deficient vendor oversight, scrutiny of unlawful data transfers to a well-known U.S. email marketing service provider, and…
On March 15, 2021, California’s Attorney General announced the adoption of updates to the regulations implementing the California Consumer Protection Act (“CCPA”). The final (for now) regulations are available here.…
Earlier this week, Debevoise published an overview of the SEC’s Division of Examination Priorities for 2021. Today, we’re taking a deeper dive into one aspect of those priorities: cybersecurity as it…
Virginia has just become the second U.S. state with a comprehensive privacy law, with Governor Ralph Northam’s signing of the Virginia Consumer Data Protection Act (“VCDPA”) on March 2, 2021.…
As covered in our Annual Review, 2020 was a blockbuster year for European data protection. If January is anything to go by, 2021 will be the same. New data breach…
Over two years since the GDPR came into force, the full extent of its impact is still developing at pace. In this post, we look back at the 2020 European…
Introduction For those following emerging artificial intelligence (“AI”) regulations and enforcement closely, one issue of great interest is remedies. In particular: in what circumstances, if any, would regulators or courts…